Cyber Intelligence Weekly (March 26, 2023): Our Take on Three Things You Need to Know
Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!
To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe
Also, we are always looking for great people to join our team. If you know anyone who fits the profiles for any of our open positions, drop me a line and let me know!
Before we get started on this week’s CIW, I’d like to highlight a great upcoming webinar put on by Echelon’s Women in Cyber Employee Resource Group, Women in Cybersecurity: Paving the Path for Future Leaders. For all aspiring women leaders in cyber, and anyone else who’d like to attend and hear this great conversation and learn how you can be a great ally to support women in cyber, we’d love for you to attend! Register here.
Away we go!
1. Is TikTok the Problem, or are We the Problem?
TikTok’s CEO, Shou Zi Chew, met with a unified front of lawmakers last week who belted him with questions and accusations relentlessly for five hours in a hearing that seemed doomed from the beginning.
U.S. lawmakers are up in arms because the most popular social media giant in the world is a Chinese-based organization, owned by China-based ByteDance. The worry is that China’s laws could allow the company to share data with the authoritarian regime at its whim. While some of these concerns absolutely have credence, it felt like lawmakers were focusing all of their energy in the wrong place.
To cast TikTok as a singular and lone threat to the privacy of all Americans is almost laughable. The reality of the situation is that the United States does not have agreed-upon privacy legislation that ensures the data privacy of its people, period. Trying to treat TikTok any differently from a laundry list of similar American-based offenders seems like a pointless exercise, and that was widely on display (if not overtly obvious) this past week in our nation’s capital.
2. Chinese-Based Pinduoduo App Banned by Google Over Malware Concerns
Sticking with the China theme for a moment, Brian Krebs recently reported that Google has suspended the mobile app of Chinese-based e-commerce giant Pinduoduo. The blog cites research from a security firm showing evidence that a major Chinese e-commerce app was using a discovered exploit chain that made it possible to read data stored on a device by other apps, and that made those actions very difficult to stop or remove.
The blog goes on to point out several more smoking-gun claims from analyses published over the course of the past few months. There was also speculation that the exploited vulnerability chain was allowing the organization to gain market share by stealing competitor data.
Yet again, another reason to clean up any old apps on your phone and to be careful what you download!
3. Ferrari Reveals Cyberattack After Receiving Ransom Demand
Ferrari recently announced that they had suffered a data breach after receiving ransom demands. A copy of the customer communications can be seen below. Ferrari said in their statement that they are working with third-party forensic experts to further strengthen systems and also to investigate the breach. Ferrari also confirmed that the breach had no operational impact on the organization. The CEO of Ferrari stated that the business has not paid the ransom demanded by the anonymous hackers because doing so "does not fundamentally impact the data exposure."
It's not the first data leak Ferrari has experienced recently. In October of last year, seven gigabytes of stolen internal papers were found online. Even though local news outlets had reported otherwise, Ferrari claimed at the time that it had no reason to think it had been the target of a cyberattack. Ferrari has not commented on whether the two incidents are related.
Thanks for reading!
About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about